
Calling LoginAsync to validate a user

jsobell

Joined: 02-Apr-2009
Location: Australia
Posts: 80
Posted: 07-Jun-2009 at 3:56am
We've been trying to use the IEntityLoginManager interface to validate users but have found some confusing (to us) behaviour.
When a user attempts to log in but the IEntityLoginManager decides they are invalid, we return null as the IPrincipal. This is reflected correctly at the client end, but all subsequent calls to LoginAsync bypass the server call, presumably because they have decided that the client (not user) is already logged in.
I've seen mentioned that instead of returning null we should throw an exception, but this makes automated testing very messy, and throwing exceptions is a very expensive way of returning a fail condition.
Why does the call to LoginAsync not resend the request if the user in the current session's IPrincipal is unauthenticated? This blending of the concepts of client 'logged in' and user 'logged in' is quite strange, and makes the logic in the SL client cumbersome and confusing.

How exactly is the SL client supposed to handle this process? An example showing a failed attempt followed by a successful one would be very helpful.

Cheers,
 Jason

kimj

Joined: 09-May-2007
Posts: 1391
Posted: 08-Jun-2009 at 12:02pm
A couple of issues here -
 
1) LoginAsync (and Login) currently always check if the client (user) is logged in, and if so don't attempt to log in again. This check looks at the internal token representing the client session and not at the actual user credentials.
 
2) Client vs. user login - You're right that we do couple these and probably should not.  We also assume that a failed login results in a LoginException, otherwise the login is considered successful.  I'll open a feature request to see what we can do to break the linkage between the internal token used for a client session vs. the authentication logic of a user login.
 
For now, if you can't throw a LoginException then you'll first need to call LogoutAsync when the user fails authentication prior to attempting another login.
 
 
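The sequence discussed in this thread, as an added example that is not part of either post and is not DevForce code: a self-contained C# model in which the hypothetical `ModelServer` and `ModelClient` classes stand in for the login manager and the client. It shows a retry being skipped after a null principal, then reaching the server once the client logs out first; the credentials are constructed.

```csharp
using System;
using System.Security.Principal;

// Model only: ModelServer and ModelClient are hypothetical stand-ins, not DevForce types.
class ModelServer
{
    public int LoginCalls;
    // Stand-in for a login manager that returns null instead of throwing.
    public IPrincipal Login(string user, string password)
    {
        LoginCalls++;
        if (user == "jason" && password == "correct-horse")   // constructed credentials
            return new GenericPrincipal(new GenericIdentity(user), new string[0]);
        return null;
    }
}

class ModelClient
{
    private readonly ModelServer _server;
    private bool _hasSessionToken;   // models the internal client-session token
    public IPrincipal Principal { get; private set; }
    public ModelClient(ModelServer server) { _server = server; }

    public void Login(string user, string password)
    {
        if (_hasSessionToken) return;                // client already "logged in": no server call
        Principal = _server.Login(user, password);   // may be null
        _hasSessionToken = true;                     // no exception, so counted as success
    }

    public void Logout() { _hasSessionToken = false; Principal = null; }
    public bool UserIsAuthenticated => Principal != null && Principal.Identity.IsAuthenticated;
}

static class Demo
{
    static void Main()
    {
        var server = new ModelServer();
        var client = new ModelClient(server);
        client.Login("jason", "wrong");           // server returns null
        client.Login("jason", "correct-horse");   // skipped: session token already set
        Console.WriteLine("retry only: auth={0} calls={1}", client.UserIsAuthenticated, server.LoginCalls);
        client.Logout();                          // workaround: clear the session first
        client.Login("jason", "correct-horse");   // now reaches the server
        Console.WriteLine("after logout: auth={0} calls={1}", client.UserIsAuthenticated, server.LoginCalls);
    }
}
```

In this model a completed login call says nothing about the user, so the caller gates access on `UserIsAuthenticated` rather than on the call having returned.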